As part of our message protection efforts, Microsoft has evolved our email encryption solutions to provide a unified sender experience whether you're sending a protected message inside of your organization or outside your organization.
How do encrypted messages work?
Previously, if you wanted to send an encrypted message to someone outside of your organization, you had to install the Office Message Encryption add-in to encrypt your emails. The steps used to encrypt an email were very different from the steps used to restrict permissions with IRM.
With the latest updates to Microsoft 365, we now provide users the same experience securing messages both inside and outside the organization. In short, the sender doesn't have to worry about choosing the right encryption method for each recipient.
Recipients will see improvements as well. Regardless of the recipient's email provider or email application, they'll be able to read the encrypted message. If the recipients use Outlook, the experience is seamless. They'll receive the message, see that it's encrypted, and be able to open and read the message. If they can't use Outlook, they'll receive a limited-time web-view link that will let them read the message. There's no software to install. Simply open the web-view link to see the encrypted message.
For more information, see Set up new Microsoft 365 Message Encryption capabilities built on top of Azure Information Protection.
Encrypted messages in action
In this example, Sara is sending an encrypted message to Damien. Sara uses Microsoft 365 and Outlook, while Damien uses Gmail.
Step 1: Sara composes an email to Darren, selects Options > Permission, selects the appropriate permission level, and then sends the message.
Step 2: Darren receives the message in Gmail. He clicks on the limited-time web link, signs in with Google, and gives his consent for Gmail to access the link.
Step 3: Darren views the message from the web-view link.
Tip: When a recipient views an encrypted message on the web, the specific policy, for example, Do Not Forward, is highlighted, and any restricted actions are automatically disabled.